Regulation as a Facilitator of Startup Innovation: The Purpose Limitation Principle and Data Privacy

  • Max von Grafenstein


Personal data are permitted to be used only for the purpose for which they were originally gathered. This is the basis of the ‘purpose limitation principle’, which, as one of the key pillars of German data protection legislation, is often hotly debated. The use of this principle is a challenge, not only for startups but also for individuals affected by the processing of their personal data. Where startups often do not know how data may finally be used, and therefore find it difficult to specify precisely or broadly enough the purposes to which a user’s data might be put, affected individuals often find themselves in a labyrinth of possible purposes to which their data might be put followed by an endless series of data protection conditions. Users often emerge none the wiser regarding the possible purposes to which their data might be put. Therefore this chapter discusses how the purpose limitation principle might best be applied. The proposal given here allows a non-restrictive, indeed innovation-friendly, application of the principle.


Purpose limitation Legal certainty Data protection model Standards Certificates Purpose standardisation 


  1. Alexander von Humboldt Institute for Internet and Society. (n.d.). Innovation und Entrepreneurship. Retrieved from:
  2. Wissenschaftliches Institut für Infrastruktur und Kommunikationsdienste. (n.d.). Personal data and privacy. Retrieved from:

Copyright information

© The Author(s) 2018

Authors and Affiliations

  • Max von Grafenstein
    • 1
  1. 1.Alexander von Humboldt Institute for Internet and SocietyBerlinGermany

Personalised recommendations